diff --git a/lambda/app.py b/lambda/app.py
index ee1869f45..714da6f21 100644
--- a/lambda/app.py
+++ b/lambda/app.py
@@ -976,6 +976,19 @@ def s3credentials():
     policy = b_map.to_iam_policy(groups)
     log.debug("policy: %s", policy)
 
+    if policy is None:
+        template_vars = {
+            "contentstring": "You do not have permission to access any data.",
+            "title": "Could not access data",
+            "requestid": get_request_id()
+        }
+        return make_html_response(
+            template_vars,
+            authorizer.get_success_response_headers(),
+            403,
+            "error.html"
+        )
+
     app_name = app.current_request.headers.get("app-name", "")
     role_session_name = get_role_session_name(user_profile.user_id, app_name)
 
diff --git a/requirements/requirements.in b/requirements/requirements.in
index 1271d43ee..cd0588e37 100644
--- a/requirements/requirements.in
+++ b/requirements/requirements.in
@@ -2,5 +2,5 @@ cachetools
 cfnresponse
 chalice
 flatdict
-git+https://github.com/asfadmin/rain-api-core.git@6acd2cb943cb552c525bc5320297f62b812a33ba
+git+https://github.com/asfadmin/rain-api-core.git@5acfb6403df35e302ad6d7ccdc050a51e4c827a7
 netaddr
diff --git a/requirements/requirements.txt b/requirements/requirements.txt
index 65245a4fa..083146a43 100644
--- a/requirements/requirements.txt
+++ b/requirements/requirements.txt
@@ -52,7 +52,7 @@ pyyaml==6.0
     # via
     #   chalice
     #   rain-api-core
-rain-api-core @ git+https://github.com/asfadmin/rain-api-core.git@6acd2cb943cb552c525bc5320297f62b812a33ba
+rain-api-core @ git+https://github.com/asfadmin/rain-api-core.git@5acfb6403df35e302ad6d7ccdc050a51e4c827a7
     # via -r requirements/requirements.in
 readchar==4.0.3
     # via inquirer